Overview
At present it looks like if you want to download frameworks/controls at run/scan time when using the Kubernetes operator, this can ONLY be pulled from GitHub. Ideally other sources should be supported.
The documentation is not particularly clear on other options - it only mentions disabling the artifact download for air-gapped environments - so it is possible I have missed something and there is a way to do this without public GitHub access.
Problem
At present it looks like if you want to download frameworks/controls at run/scan time when using the Kubernetes operator, this can ONLY be pulled from GitHub. This is a problem for air-gapped environments because you have to rely on updating the image if you do not have the option to allow unfettered access to GitHub.
Solution
There are probably several options (in order of my personal preference):
Make the git repo configurable so you can use GitLab etc
Allow using a local source (e.g. that comes from a PVC and mount - then we could have something that will periodically sync the framework/controls from cloud storage etc)
Alternatives
Running with the controls/frameworks baked into the image works but this can be a chore if you have multiple clusters. I guess it may be possible to try to set the tag to latest and pullPolicy to always but you then need to periodically trigger restarts of kubescape - which I guess you could do with a custom cron job that deletes the pod...but this is a very hacky solution.
I tried to read the code here https://github.com/kubescape/kubescape/blob/9544e9cd66e1a4b9500b11813ed649d5bfafbbeb/core/cautils/scaninfo.go#L167 and this suggests maybe there is a way to tell it to use a local location but I could not figure out how I do that. It wasn't clear if there is a configuration file option or perhaps it's via a command line argument - but then how do you provide that to the container?
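The "tag latest + pullPolicy Always + periodic restart" workaround from the Alternatives section, written out as an added example that is not part of the issue and not kubescape project code. Instead of a job that deletes the pod, it uses `kubectl rollout restart` on the Deployment under a ServiceAccount whose Role can only get and patch that one Deployment, so the restarter cannot touch anything else in the cluster. The namespace `kubescape`, the Deployment name `kubescape`, the schedule and the kubectl image tag are assumptions; change them to match the actual install.

```yaml
# Added example (not from the kubescape project): restart the operator
# Deployment on a schedule so that a Deployment running image tag "latest"
# with imagePullPolicy: Always re-pulls the image, and with it the baked-in
# frameworks/controls. Namespace and Deployment name are assumptions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubescape-restarter
  namespace: kubescape            # assumption: operator installed here
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kubescape-restarter
  namespace: kubescape
rules:
  # Least privilege: "rollout restart" only reads and patches the Deployment
  # (it bumps a pod-template annotation); no pod delete, no other namespaces.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    resourceNames: ["kubescape"]  # assumption: name of the operator Deployment
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubescape-restarter
  namespace: kubescape
subjects:
  - kind: ServiceAccount
    name: kubescape-restarter
    namespace: kubescape
roleRef:
  kind: Role
  name: kubescape-restarter
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: kubescape-restarter
  namespace: kubescape
spec:
  schedule: "0 3 * * *"           # assumption: daily at 03:00 cluster time
  concurrencyPolicy: Forbid       # never run two restarts at once
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 2
      template:
        spec:
          serviceAccountName: kubescape-restarter
          restartPolicy: OnFailure
          containers:
            - name: kubectl
              image: bitnami/kubectl:1.29   # assumption: any image with kubectl works
              command:
                - kubectl
                - rollout
                - restart
                - deployment/kubescape      # assumption: Deployment name
                - --namespace=kubescape
```

Apply it with `kubectl apply -f` and trigger one run by hand with `kubectl create job --from=cronjob/kubescape-restarter restart-test -n kubescape` to confirm the RBAC is sufficient before relying on the schedule. Note that this only refreshes the artifacts on the image's own release cadence; it does nothing for controls published after the last image build, which is the gap the issue is asking the project to close.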